fea56667376b74c28c7de850800fb6d3aa1d0c1984106a02b7124d86ec7a7080

Resubmissions

13/01/2023, 11:41

12/01/2023, 16:59

11/01/2023, 18:21

max time kernel
103s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2023, 16:59

Target

Software.exe
Size

449.2MB
MD5

d5f6325ec94040f2a6ad638378f68863
SHA1

b577eebec521d0c252426ce01d0a85e405619e84
SHA256

87c7a6eb8d9ec5de571f3f3283d2b5f857d2eb9a262ccb11d9cbae9da8b649af
SHA512

9da7cb47b04618d05c0477656c82f500080e6b4325eefe5f4d87d3d11a171fcbcfe830b676e419961378217be2c9a93040c361ae30c62de1a39d76e921bb06eb
SSDEEP

24576:Rgh/xuMApac4x8buUjQs5nyyx+NxEyaQ:ih/rApz4xauUMs5nyC+NqyaQ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4240 set thread context of 368	4240	Software.exe	91

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4240	Software.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 3444	4240	Software.exe	89
PID 4240 wrote to memory of 3444	4240	Software.exe	89
PID 4240 wrote to memory of 3444	4240	Software.exe	89
PID 4240 wrote to memory of 3116	4240	Software.exe	90
PID 4240 wrote to memory of 3116	4240	Software.exe	90
PID 4240 wrote to memory of 3116	4240	Software.exe	90
PID 4240 wrote to memory of 368	4240	Software.exe	91
PID 4240 wrote to memory of 368	4240	Software.exe	91
PID 4240 wrote to memory of 368	4240	Software.exe	91
PID 4240 wrote to memory of 368	4240	Software.exe	91
PID 4240 wrote to memory of 368	4240	Software.exe	91
PID 4240 wrote to memory of 368	4240	Software.exe	91
PID 4240 wrote to memory of 368	4240	Software.exe	91
PID 4240 wrote to memory of 368	4240	Software.exe	91

C:\Users\Admin\AppData\Local\Temp\Software.exe
"C:\Users\Admin\AppData\Local\Temp\Software.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Users\Admin\AppData\Local\Temp\Software.exe
  "C:\Users\Admin\AppData\Local\Temp\Software.exe"
  2⤵
  PID:3444
- C:\Users\Admin\AppData\Local\Temp\Software.exe
  "C:\Users\Admin\AppData\Local\Temp\Software.exe"
  2⤵
  PID:3116
- C:\Users\Admin\AppData\Local\Temp\Software.exe
  "C:\Users\Admin\AppData\Local\Temp\Software.exe"
  2⤵
  PID:368

memory/368-140-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/368-142-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/368-143-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4240-132-0x0000000000B50000-0x0000000000C36000-memory.dmp

Filesize
920KB

Download
memory/4240-133-0x0000000005B80000-0x0000000006124000-memory.dmp

Filesize
5.6MB

Download
memory/4240-134-0x0000000005670000-0x0000000005702000-memory.dmp

Filesize
584KB

Download
memory/4240-135-0x00000000055E0000-0x00000000055EA000-memory.dmp

Filesize
40KB

Download
memory/4240-136-0x0000000007D80000-0x0000000007E1C000-memory.dmp

Filesize
624KB

Download